REMARKS/ARGUMENTS



Applicant would like to thank the Examiner for the thorough review of the present 
application. Based upon the amendments and the following remarks, Applicants respectfully 
request reconsideration of the present application and allowance of the pending claims. 



The Present Invention 



The present invention includes a method and system for selectively implementing and
enforcing Authentication, Authorization and Accounting (AAA) of users accessing a network via
a gateway device. According to the present invention, a user may first be authenticated to
determine the identity of the user. The authentication capability of the system and method of the
present invention can be based upon a user ID, computer, location, or one or more additional
attributes identifying a source (e.g., a particular user, computer or location) requesting network
access. Once authenticated, an authorization capability of the system and method of the present
invention is customized based upon the identity of the source, such that sources have different
access rights based upon their identity, and the content and/or destination requested. For
instance, access rights permit a first source to access a particular Internet destination address,
while refusing a second source access to that same address. In addition, the authorization
capability of the system and method of the present invention can be based upon the other
information contained in the data transmission, such as a destination port, Internet address, TCP
port, network, or similar destination address. Moreover, the AAA of the present invention can
be based upon the content type or protocol being transmitted. By authenticating users in this
manner, each packet can be filtered through the selective AAA process, so that a user can be
identified and authorized access to a particular destination. Thus, each time the user attempts to
access a different destination, the user is subject to the AAA, so that the user may be prevented
access from a particular site the AAA system and method deem inaccessible to the user based
upon the user's authorization while permitting access to other sites that the AAA method and
system deem accessible. Additionally, according to one embodiment of the invention, source
access to the network may be tracked and logged by the present invention for accounting and
historical purposes.

35 U.S.C. § 102 (b) Rejections

Claims 1-3, 6-11, 14-17, 20-27 and 30-32 stand rejected as being anticipated by United
States Patent no. 5,113,499, issued to Ankney et al. (the '499 Ankney patent).

According to the Office Action, the '499 Ankney patent teaches all of the elements of 
independent Claim 1, specifically: 

A method for selectably controlling and customizing source access to a network, wherein 
the source is associated with a source computer (Column 1, lines 12-18), and wherein the 
source computer has transparent access (Column 6, lines 28-29) to the network (Figure 3, 
Column 1, lines 7-11) via a gateway device (Column 5, lines 46-50) and no configuration
software need be installed on the source computer (Column 7, lines 3-19) to access the network,
comprising:

receiving at the gateway device a request from the source computer for access to
the network (Column 5, lines 46-50)

identifying an attribute associated with the source based upon a packet transmitted
from the source computer and received by the gateway device (Column 1, lines 24-27 and
Column 5, lines 46-57);

accessing a source profile corresponding to the source and stored in a source 
profile database, wherein the source profile is accessed based upon the attribute, and wherein the 
source profile database is located external to the gateway device and in communication with the 
gateway device (Figure 3, Column 5, lines 58-67 and Column 7, lines 40-44), and 

determining the access rights of the source based upon the source profile, wherein 
access rights define the rights of the source to access the network (Column 6, lines 29-32). 

The '499 Ankney Patent Does Not Teach a Computer that has Transparent Access to the
Network via a Gateway Device

The '499 Ankney patent teaches a method for authenticating and authorizing that is
transparent to the user. As stated in the Ankney '499 patent at Column 6, lines 28-29, "the
intercommunication between the switch and the TAMS are transparent to the user". In effect,
this means that the user is unaware that the switch is communicating with the TAMS or, in the
present invention, that the gateway device is communicating with AAA server. However, the
present invention and specifically independent Claims 1 and 10, claim that the source computer,
as opposed to the user, has transparent access to the network via the gateway device. The
applicant views this as a novel and paramount difference between the teachings of the '499
Ankney patent and the present invention.

In the '499 Ankney patent a pre-assigned relationship must exist between the host
computers and the network. The host computer must support a specific protocol, i.e., call request
protocol, in order to access the network. See the paragraph beginning at Column 16, line 3,
which describes the call request protocol ID in terms of X.25 or X.29 protocols. In this regard,
the host computer that accesses the network in the '499 Ankney patent is a static device and the
packet switch in the '499 Ankney patent provides static authentication, i.e., authentication is
limited to authentication of the host computer that has the pre-assigned relationship. Since the
'499 Ankney patent teaches a pre-assigned relationship based on pre-defined protocols, the
access that is provided to the host computer is not, by definition, transparent access.

In the present invention, transparent access by the source computer is paramount because
the gateway device is capable of providing dynamic authentication to a source. As defined in
claims 1 and 10 and in the specification of the present invention the source is associated with the
source computer. The source is not, in and of itself, the source computer. As the specification
defines at page 10, beginning at line 26, "Users and computers attempting to access a network 20
or online service 22 via the gateway device 12 are referred to hereinafter as sources. According
to AAA methods and systems of the present invention, a source attempting to access a network
via the gateway device 12 is authenticated based on attributes associated therewith. These
attributes can include the identity of a particular user or computer, location through which access
is requested, requested network or destination, and the like. These attributes include the MAC
address of the computer, the user's password and/or a VLAN tag for location identification. Thus
the gateway device has the ability to grant authentication to a computer, to a user or to a location
because the access is transparent to the source computer. Thus, in the present invention, the
transparency to the source computer provides for the method and systems of the present
invention to grant authentication to users, computers and/or locations (for example, a specific
access port in a hotel room, airport kiosk or the like). The source computers that access the
network do so transparently, without the need to establish a pre-assigned relationship with the
gateway device or to communicate with the gateway device via a pre-assigned or defined
protocol.

For this reason, applicant respectfully submits that independent Claims 1 and 10, which
have been rejected under 35 U.S.C. § 102 (b) are not anticipated by the cited '499 Ankney
reference and, are thus, patentable.

In addition, the dependent Claims that depend from Claims 1, 10, specifically Claims 2-9
and 11-16 add further limitations to the independent claims and, as such, as a matter of law, if
the independent claims are found patentable so too should the accompanying dependent claims.

The '499 Ankney Patent Does Not Teach a Computer that Requires No Configuration
Software to Access the Network:

While the '499 Patent provides for secure user access to a public data network "without 
requiring individual customers or device manufacturers to modify their hardware or software" 
(Column 7, lines 17-19), modification of software is not equivalent to the need to install 
configuration software on the host computer. As previously discussed, the host computer in the 
'499 Ankney patent must support call request protocol and, thus a pre-configuration function is
necessary as a precursor to implementing the protocol for call requests. This pre-configuration
necessitates the need to install a configuration agent on the host computers.

As defined in independent Claims 1 and 10 and in the specification at 11* paragraph on
page 14, beginning at line 18, the source computer requires no configuration software installed
on the source computer to access the network. By not requiring configuration software, the
source computer is able to transparently access the network. No configuration software is
required because the source computers and the gateway device do not require a pre-assigned
relationship. The authentication that is granted through the gateway device is by an attribute
associated with the source. This attribute may be an ID of the source computer, an ID of the user
or an ID of the location from which access is being sought.

Since independent Claims 1 and 10 specifically require no configuration software be 
installed on the source computer for the purpose of accessing the network and the '499 Ankney 
patent requires the host computers to be dually configured to support call request 
record/protocol, applicant respectfully submits that for this additional reason independent Claims 
1 and 10, which have been rejected under 35 U.S.C. § 102 (b) are not anticipated by the cited
'499 Ankney reference and, are thus, patentable. 

Further, as mentioned above, the dependent Claims that depend from Claims 1, 10,
specifically Claims 2-9 and 11-16 add further limitations to the independent claims and, as such,
as a matter of law, if the independent claims are found patentable so too should the
accompanying dependent claims.



According to the Office Action, the '499 Ankney patent teaches all of the elements of 
independent Claim 10, specifically: 

A system for selectably controlling and customizing access, to a network, by a 
source, where the source is associated with a source computer, and wherein the source computer 
has transparent access to the network via a gateway device and no configuration software need 
be installed on the source computer to access the network, comprising: 

a gateway device (Column 5, lines 46-47), wherein the gateway device receives a
request from the source for access to the network (Column 5, lines 46-50);

a source profile database in communication with the gateway device and located
external to the gateway device (Figure 3), wherein the source profile database stores
access information identifiable by an attribute associated with the source, and wherein the
attribute is identified based upon a data packet transmitted from the source computer and
received by the gateway device (Column 5, lines 58-67 and Column 7, lines 40-44), and

an Authentication, Authorization and Accounting (AAA) server in
communication with the gateway device and source profile database, wherein the AAA
server determines if the source is entitled to access the network based upon the access
information stored within the source profile database, and wherein the AAA server
determines the access rights of the source, wherein access rights define the rights of the
source to access destination sites via the network (Figures 8-10, Column 5, lines 7-16,
58-67 and Column 7, lines 20-27, 40-44).

The '499 Ankney Patent Does Not Teach or Suggest Accounting as a Required Function
of the Total Access Management System (TAMS)

The TAMS system taught in the '499 Ankney patent teaches a system for authenticating
and authorizing users and host computers for access to a public data network. The TAMS
system does not teach or suggest an accounting means. To the applicant's knowledge, the
TAMS system taught in the '499 Ankney patent does not provide for an accounting protocol
between the packet switch and the TAMS server.

Claim 10 of the present invention specifically lists as an element an Authentication,
Authorization and Accounting (AAA) server. This server must, by its very nature, support and
provide an accounting function, generally TCP/IP accounting.

Since independent Claim 10 specifically requires a AAA server capable of providing 
accounting functions and the '499 Ankney patent provides no teaching that the TAMS provides
such functionality, applicant respectfully submits that for this additional reason independent 
Claim 10, which has been rejected under 35 U.S.C. § 102 (b) is not anticipated by the cited '499 
Ankney reference and, is thus, patentable. 

Further, as mentioned above, the dependent Claims that depend from Claim 10,
specifically Claims 11-16 add further limitations to the independent claims and, as such, as a
matter of law, if the independent claims are found patentable so too should the accompanying
dependent claims.



Claim 17 has been amended to add a key element that was erroneously omitted in the
original filing. The amended claim requires direction (i.e., re-direction) of the source to a
redirection site when the source profile is not located within the source profile database.



The '499 Ankney Patent Does Not Teach Direction of the Source to a Redirection Site when the
Source Profile is Not Located within the Source Profile Database

The only mention of redirection in the '499 Ankney patent is at Column 15, lines 1-9,
which describes re-direction of the call to a specified destination address if access is allowed.
The '499 Ankney patent provides no teaching of direction (i.e., re-direction) of the source to a
redirection site when the source profile is not located within the source profile database, in other
words when access is not allowed because a source profile is not found in the database.

Claim 17, as amended specifically requires direction of the source to a redirection when
the source profile is not located within the source profile database. This allows the user of the
system to provide necessary source information for the purpose of authenticating and granting
access to the source. The specification discusses such redirection at page 14, beginning at line
3.

Since independent Claim 17 specifically requires direction of the source to a redirection site when
access is not allowed because a source profile is not found and the '499 Ankney patent provides
no teaching of such a redirection process, applicant respectfully submits that for this reason
independent Claim 17, which has been rejected under 35 U.S.C. § 102 (b) is not anticipated by
the cited '499 Ankney reference and, is thus, patentable.

Further, as mentioned above, the dependent Claims that depend from Claim 17,
specifically Claims 18-24 add further limitations to the independent claims and, as such, as a
matter of law, if the independent claims are found patentable so too should the accompanying
dependent claims.

Conclusion

In view of the proposed amended claims and the remarks submitted above, it is
respectfully submitted that the present claims are in condition for immediate allowance. It is
therefore respectfully requested that a Notice of Allowance be issued. The Examiner is
encouraged to contact Applicant's undersigned attorney to resolve any remaining issues in order
to expedite examination of the present invention.

It is not believed that extensions of time or fees for net addition of claims are required, 
beyond those that may otherwise be provided for in documents accompanying this paper. 
However, in the event that additional extensions of time are necessary to allow consideration of
this paper, such extensions are hereby petitioned under 37 CFR § 1.136(a), and any fee required
therefore (including fees for net addition of claims) is hereby authorized to be charged to Deposit 
Account No. 16-0605. 



Respectfully submitted,